Privacy notice

Last updated: 12 April 2026

Who is responsible for your information

This website is operated for Julia Hendry Counselling & Supervision. For UK data protection purposes, Julia Hendry is the controller for personal information submitted through this website.

If you have a privacy question, please use the contact form and mark your message for Julia's attention. This website contact route should not be used for emergencies or urgent clinical support.

What information the website collects

When you send an enquiry, the website asks for your name, email address, the service you are interested in, and your message. The site also records the time the enquiry was received and its handling status in the admin dashboard, such as new, complete, archived or deleted.

Your message may include sensitive information if you choose to share details about your health, wellbeing, family circumstances, supervision needs or professional situation. Please only include information that is useful at enquiry stage. More detailed clinical or supervision information can be discussed through a more appropriate private route if work begins.

The public website is not currently using marketing cookies, advertising pixels, public visitor accounts or public direct database access. The private admin area uses Firebase Authentication for Julia's login and sets a secure admin session cookie named jh_admin_session. That cookie is only relevant to authorised admin use and lasts for up to seven days.

Children and young people

Julia's work may include support for children and young people, but the website contact form is not designed for urgent support or for detailed clinical disclosure. If you are under 18, consider asking a parent, carer or trusted adult to help you make contact unless there is a good reason not to. If you are in immediate danger or need urgent help, contact emergency services or a crisis support service instead of using this form.

How the information is used

Information submitted through the website is used to:

• receive and respond to enquiries;
• understand which service you are asking about;
• administer the enquiry inbox and keep a basic record of handling status;
• send Julia a notification email that a new enquiry has been received;
• maintain the security and operation of the website and admin area.

The blog admin area is used to draft, edit, publish, archive and soft delete blog posts. Public blog posts should not include identifiable client or supervisee information.

Lawful basis

Julia will only use personal information where there is a lawful basis to do so. For a website enquiry, this will usually be because it is necessary to respond to your request before deciding whether to enter into a counselling, supervision, training or consultancy arrangement, or because Julia has a legitimate interest in managing enquiries and operating a secure website.

If you choose to include health, counselling, supervision or other sensitive information in your enquiry, Julia will handle it with particular care and use it only for the limited purpose of understanding and responding to your request. If work begins, Julia may provide a fuller practice privacy notice covering clinical records, supervision records, safeguarding, confidentiality and professional retention obligations.

Where information is stored and who supports the website

Enquiries are stored in Google Firebase/Firestore and are accessed through a private server-side admin dashboard protected by Firebase Authentication and an admin custom claim. The Firestore and Storage security rules for this website deny public client reads and writes by default; public visitors do not connect directly to the database.

Resend is used to send notification emails when a new enquiry is submitted. The site is built with Next.js and is intended to be hosted on Vercel, which may process basic technical request data needed to serve and secure the website.

These providers act as service providers or processors for the website infrastructure. Some processing may take place outside the UK or EEA, in which case provider safeguards and transfer mechanisms are relied on.

How long information is kept

Website enquiries are kept only for as long as they are needed to respond to the enquiry, manage follow-up and maintain appropriate business records. The admin dashboard supports complete, archived and deleted statuses so Julia can separate active enquiries from old ones.

A deleted status in the dashboard is a soft delete. This means the enquiry is removed from active handling views, but it may remain in the secure database until periodic housekeeping or a separate permanent deletion process is completed.

Your choices and rights

You can ask Julia to confirm what website enquiry information is held about you, ask for inaccurate information to be corrected, object to some uses, request restriction, or ask for deletion where the law allows. Some records may need to be retained where there is a legal, professional, safeguarding or dispute-related reason to do so.

You also have the right to complain to the UK Information Commissioner's Office. The ICO complaint page is available at ico.org.uk/make-a-complaint.

Security

The website uses server-side routes for enquiry handling and admin data access, Firebase Admin SDK on the server, denied-by-default Firestore and Storage rules, same-origin checks on write requests, and an admin-only session cookie. No website can be guaranteed completely secure, so please avoid sending highly detailed or urgent sensitive information through the initial contact form.

Changes to this notice

This notice should be reviewed whenever the website changes how enquiries, analytics, cookies, hosting, email notifications or admin access work. The date at the top of the notice will be updated when material changes are made.